blog-audio

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess calls to manage its environment and perform audio conversion. In scripts/generate_audio.py, ffmpeg is called to convert WAV files to MP3 using hardcoded parameters and controlled file paths. In scripts/setup_environment.py and scripts/run.py, subprocess is used to manage the Python virtual environment and install packages. These operations are standard for the skill's architecture and do not exhibit command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill downloads Python dependencies from PyPI. It employs a requirements.lock file with SHA-256 hashes for all packages (e.g., google-genai, pydantic, cryptography), ensuring that only verified, untampered code is installed in the local environment.
  • [DATA_EXFILTRATION]: The skill communicates with official Google API endpoints via the google-genai SDK. This is the intended behavior for text-to-speech generation. It correctly handles the API key via environment variables and does not transmit sensitive local files to untrusted domains.
  • [PROMPT_INJECTION]: The skill processes user-provided blog content for narration. While this creates a surface for indirect prompt injection (narrating malicious text), the impact is confined to the generated audio output and does not grant the attacker unauthorized capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
May 21, 2026, 07:36 AM
Security Audit — agent-trust-hub — blog-audio